From ddc3f673d3d119cfb9b1d207fa04487a15e5375c Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Fri, 17 Feb 2023 14:46:22 +0100
Subject: [PATCH 1/3] Use ufw from puppet sunet instead

---
 manifests/app_type.pp | 4 ++++
 manifests/proxysql.pp | 8 ++++++++
 manifests/satosa.pp | 4 ++--
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index f562e50..abf302c 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -338,6 +338,10 @@ define sunetdrive::app_type (
 from => '0.0.0.0/0',
 port => 443,
 }
+ sunet::nftables::docker_expose { 'https':
+ from => ['any']
+ port => 443,
+ }
 }
 }
 
diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp
index 38f370c..96b0cc1 100644
--- a/manifests/proxysql.pp
+++ b/manifests/proxysql.pp
@@ -69,6 +69,14 @@ class sunetdrive::proxysql (
 from => $tug_office,
 port => 6080,
 }
+ sunet::nftables::docker_expose { 'stats_ports':
+ from => $tug_office,
+ port => 6080,
+ }
+ sunet::nftables::docker_expose { 'proxysql':
+ from => ['any'],
+ port => 6032,
+ }
 
 sunet::docker_compose { 'drive_proxysql_docker_compose':
 content => template('sunetdrive/proxysql/docker-compose_proxysql.yml.erb'),
diff --git a/manifests/satosa.pp b/manifests/satosa.pp
index 08b0a9e..52ab62d 100644
--- a/manifests/satosa.pp
+++ b/manifests/satosa.pp
@@ -49,7 +49,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
 notify => Sunet::Docker_run['satosa']
 }
 }
- ufw::allow { 'satosa-allow-https':
+ sunet::misc::ufw_allow { 'satosa-allow-https':
 ip => 'any',
 port => '443'
 }
@@ -63,7 +63,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
 ports => ['80:80'],
 env => ['ACME_URL=http://acme-c.sunet.se']
 }
- ufw::allow { 'satosa-allow-http':
+ sunet::misc::ufw_allow { 'satosa-allow-http':
 ensure => $dehydrated_status,
 ip => 'any',
 port => '80'

From 5f1163e25741a6e09d84f528844cf64901b2c29b Mon Sep 17 00:00:00 2001
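Review bot: The new `sunet::nftables::docker_expose { 'https': ... }` is added directly beneath a firewall resource that still opens the same port (`from => '0.0.0.0/0',` / `port => 443,` / `}` are the hunk's leading context lines), so after this hunk port 443 is granted by two rule sets that nothing keeps in step, which also contradicts the "instead" in the commit subject. If the nftables expose is meant to replace the older rule, that resource should be set to `ensure => absent` (or dropped) in the same change; if both are meant to coexist for different host generations, a comment above the new block saying so, e.g. `# nftables counterpart of the rule above; remove that rule once all app hosts run sunet::nftables`, would stop the next reader from deleting the wrong one. Note too that the older rule is scoped to `0.0.0.0/0` (IPv4 only) while the new one uses `['any']`, which presumably also admits IPv6 clients; confirm that widening is intended. The enclosing `define sunetdrive::app_type` starts and ends outside the hunk.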
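Review bot: `sunet::nftables::docker_expose { 'proxysql': from => ['any'], port => 6032, }` opens 6032 to every source address, and 6032 is ProxySQL's default admin-interface port (the MySQL-facing client port defaults to 6033), so unless this deployment remaps the ports it publishes the admin console rather than the client endpoint. Even with admin credentials in front of it, the allow list should be the hosts that actually need it: for the admin port that is the same operator range already used for the stats port, `from => $tug_office,`, and if the client port has to be reachable it should get its own entry limited to the application nodes rather than a blanket `['any']`. Nothing in this hunk shows a pre-existing rule for 6032, so within this view it reads as a new exposure rather than a migration of an existing one. The enclosing `class sunetdrive::proxysql` starts and ends outside the hunk.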
From: Micke Nordin
Date: Fri, 17 Feb 2023 16:24:19 +0100
Subject: [PATCH 2/3] Missing comma

---
 manifests/app_type.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index abf302c..a833228 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -339,7 +339,7 @@ define sunetdrive::app_type (
 port => 443,
 }
 sunet::nftables::docker_expose { 'https':
- from => ['any']
+ from => ['any'],
 port => 443,
 }
 }

From dd6e75cc32725f86e9a267841fc34aa6ae38a2fe Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Fri, 17 Feb 2023 16:26:22 +0100
Subject: [PATCH 3/3] from -> allow_clients

---
 manifests/app_type.pp | 4 ++--
 manifests/proxysql.pp | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index a833228..d1fffaf 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -339,8 +339,8 @@ define sunetdrive::app_type (
 port => 443,
 }
 sunet::nftables::docker_expose { 'https':
- from => ['any'],
- port => 443,
+ allow_clients => ['any'],
+ port => 443,
 }
 }
 
diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp
index 96b0cc1..f05426f 100644
--- a/manifests/proxysql.pp
+++ b/manifests/proxysql.pp
@@ -70,12 +70,12 @@ class sunetdrive::proxysql (
 port => 6080,
 }
 sunet::nftables::docker_expose { 'stats_ports':
- from => $tug_office,
- port => 6080,
+ allow_clients => $tug_office,
+ port => 6080,
 }
 sunet::nftables::docker_expose { 'proxysql':
- from => ['any'],
- port => 6032,
+ allow_clients => ['any'],
+ port => 6032,
 }
 
 sunet::docker_compose { 'drive_proxysql_docker_compose':
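Review bot: After the parameter rename the `stats_ports` expose (`allow_clients => $tug_office,` / `port => 6080,`) still duplicates the firewall resource whose closing lines (`port => 6080,` / `}`) open this hunk, so the same port is granted to the same office range through two mechanisms with nothing tying them together, and a later change to one of them will silently leave the other in force. If proxysql hosts are now on nftables, the older resource should be removed or set to `ensure => absent` in this series; if it must stay for hosts not yet migrated, a short comment above the nftables block, e.g. `# nftables counterpart of the rule above; remove that rule once all proxysql hosts use sunet::nftables`, would make the overlap deliberate rather than accidental. The older resource's type line is outside the hunk (judging by the rest of the series it is a ufw allow, but that cannot be confirmed here), and `class sunetdrive::proxysql` starts and ends outside the hunk as well.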